{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2025-0116","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:26:12.049Z","generator":{"date":"2026-04-11T00:26:12.049Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2025-0116","initial_release_date":"2025-03-12T16:00:00.000Z","revision_history":[{"number":"1","date":"2025-03-12T09:00:00.000Z","summary":"Initial Publication"},{"number":"2","date":"2025-03-12T14:00:00.000Z","summary":"Updated the product status table to match the solution table"},{"number":"3","date":"2025-03-13T14:30:00.000Z","summary":"Updated the required configuration and workarounds sections "},{"number":"4","date":"2025-03-17T09:45:00.000Z","summary":"Updated the required configuration and workarounds sections "},{"number":"5","date":"2025-03-28T15:00:00.000Z","summary":"Updated fix availability of PAN-OS 10.2"},{"number":"6","date":"2025-03-31T09:55:00.000Z","summary":"Updated the ETA for 10.2.14 and the fixed 10.2.13 version listed in the solution section"},{"number":"7","date":"2025-03-31T14:10:00.000Z","summary":"Updated fix availability of PAN-OS 11.1"},{"number":"8","date":"2025-04-02T11:25:00.000Z","summary":"Updated fix availability of PAN OS 11.1"},{"number":"9","date":"2025-04-04T12:20:00.000Z","summary":"Updated fix availability of PAN-OS 10.2"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<11.2.5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-656"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-656"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<11.1.6-h6","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-661"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-658"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.6-h6","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-661"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.4-h17","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-662"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.2.10-h17","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-660"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-535"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.13-h5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-659"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.10-h17","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-660"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.1.14-h11","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-657"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.1.14-h11","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-657"}}]},{"name":"Cloud NGFW","category":"product_name","branches":[{"category":"product_version","name":"Cloud NGFW All","product":{"name":"Palo Alto Networks Cloud NGFW","product_id":"PANW-Cloud-NGFW-1"}}]},{"name":"Prisma Access","category":"product_name","branches":[{"category":"product_version","name":"Prisma Access All","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-1"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2025-0116","product_status":{"fixed":["PANW-PAN-OS-656","PANW-PAN-OS-658","PANW-PAN-OS-661","PANW-PAN-OS-662","PANW-PAN-OS-535","PANW-PAN-OS-659","PANW-PAN-OS-660","PANW-PAN-OS-657"],"known_affected":["PANW-PAN-OS-656","PANW-PAN-OS-661","PANW-PAN-OS-660","PANW-PAN-OS-657"],"known_not_affected":["PANW-Cloud-NGFW-1","PANW-Prisma-Access-1"]},"notes":[{"category":"description","text":"A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode.\n\nThis issue does not apply to Cloud NGFWs or Prisma Access software."}],"references":[{"category":"external","summary":"NVD - CVE-2025-0116","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0116"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2025-0116","url":"https://security.paloaltonetworks.com/CVE-2025-0116"}],"threats":[{"category":"impact","description":"A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode.\n\nThis issue does not apply to Cloud NGFWs or Prisma Access software."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.8,"threatSeverity":"MEDIUM","threatScore":4.3,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber"},"products":["PANW-PAN-OS-656","PANW-PAN-OS-661","PANW-PAN-OS-660","PANW-PAN-OS-657"]}]}]}